If you are running Cilium on Kubernetes, you can benefit from Kubernetes
distributing policies for you. In this mode, Kubernetes is responsible for
distributing the policies across all nodes and Cilium will automatically apply
the policies. Two formats are available to configure network policies natively
with Kubernetes:

The standard NetworkPolicy resource which at the time of this writing,
supports to specify L3/L4 ingress policies with limited egress support marked
as beta.

The CiliumNetworkPolicy is very similar to the standard NetworkPolicy. The
purpose is provide the functionality which is not yet supported in
NetworkPolicy. Ideally all of the functionality will be merged into the
standard resource format and this CRD will no longer be required.

The raw specification of the resource in Go looks like this:

typeCiliumNetworkPolicystruct{metav1.TypeMeta`json:",inline"`// +optionalMetadatametav1.ObjectMeta`json:"metadata"`// Spec is the desired Cilium specific rule specification.Spec*api.Rule`json:"spec,omitempty"`// Specs is a list of desired Cilium specific rule specification.Specsapi.Rules`json:"specs,omitempty"`// Status is the status of the Cilium policy rule// +optionalStatusCiliumNetworkPolicyStatus`json:"status"`}